ironflow-api 2.11.3

REST API for ironflow run management and observability
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275

//! Per-IP rate limiting middleware backed by [`governor`].
//!
//! Use [`per_minute`] to create a limiter, then install the [`rate_limit`]
//! middleware on the desired router group. Rate-limited responses include
//! `X-RateLimit-Limit` / `Retry-After` headers and return HTTP 429 with a
//! JSON error body.

use std::net::{IpAddr, Ipv4Addr, SocketAddr};
use std::num::NonZeroU32;
use std::sync::Arc;

use axum::extract::{ConnectInfo, Request};
use axum::http::{HeaderValue, StatusCode};
use axum::middleware::Next;
use axum::response::{IntoResponse, Response};
use governor::clock::{Clock, DefaultClock};
use governor::state::keyed::DashMapStateStore;
use governor::{Quota, RateLimiter};
use serde_json::json;

/// Keyed rate limiter: one bucket per IP address.
type KeyedLimiter = RateLimiter<IpAddr, DashMapStateStore<IpAddr>, DefaultClock>;

/// Shared rate limiter state, injected as an Axum extension.
#[derive(Clone)]
pub struct RateLimitState {
    limiter: Arc<KeyedLimiter>,
    burst: u32,
}

/// Build a per-IP rate limiter allowing `requests_per_minute` requests
/// per minute.
///
/// # Panics
///
/// Panics if `requests_per_minute` is 0.
///
/// # Examples
///
/// ```
/// use ironflow_api::rate_limit::per_minute;
///
/// let auth_limiter = per_minute(10);
/// let general_limiter = per_minute(60);
/// ```
pub fn per_minute(requests_per_minute: u32) -> RateLimitState {
    let quota = Quota::per_minute(NonZeroU32::new(requests_per_minute).expect("burst must be > 0"));
    RateLimitState {
        limiter: Arc::new(RateLimiter::keyed(quota)),
        burst: requests_per_minute,
    }
}

/// Axum middleware that enforces per-IP rate limiting.
///
/// Must be installed with a [`RateLimitState`] extension on the router.
/// Returns 429 Too Many Requests when the limit is exceeded, with a JSON body
/// and `X-RateLimit-Limit` / `Retry-After` headers.
pub async fn rate_limit(req: Request, next: Next) -> Response {
    let state = match req.extensions().get::<RateLimitState>() {
        Some(s) => s.clone(),
        None => return next.run(req).await,
    };

    let ip = extract_client_ip(&req);

    match state.limiter.check_key(&ip) {
        Ok(_) => {
            let mut resp = next.run(req).await;
            resp.headers_mut()
                .insert("x-ratelimit-limit", HeaderValue::from(state.burst));
            resp
        }
        Err(not_until) => {
            let retry_after = not_until.wait_time_from(DefaultClock::default().now());
            let retry_secs = retry_after.as_secs().max(1);

            let body = json!({
                "error": {
                    "code": "RATE_LIMIT_EXCEEDED",
                    "message": "Too many requests, please try again later",
                    "retry_after_secs": retry_secs,
                }
            });

            let mut resp = (StatusCode::TOO_MANY_REQUESTS, axum::Json(body)).into_response();
            resp.headers_mut()
                .insert("retry-after", HeaderValue::from(retry_secs));
            resp.headers_mut()
                .insert("x-ratelimit-limit", HeaderValue::from(state.burst));
            resp
        }
    }
}

/// Extract the client IP from the request.
///
/// Checks `X-Forwarded-For` first (first IP in the chain), then
/// `X-Real-Ip`, then falls back to the connected peer address.
fn extract_client_ip(req: &Request) -> IpAddr {
    // X-Forwarded-For: client, proxy1, proxy2
    if let Some(forwarded) = req
        .headers()
        .get("x-forwarded-for")
        .and_then(|v| v.to_str().ok())
        && let Some(first) = forwarded.split(',').next()
        && let Ok(ip) = first.trim().parse::<IpAddr>()
    {
        return ip;
    }

    // X-Real-Ip
    if let Some(real_ip) = req.headers().get("x-real-ip").and_then(|v| v.to_str().ok())
        && let Ok(ip) = real_ip.trim().parse::<IpAddr>()
    {
        return ip;
    }

    // Fallback to connected peer (axum injects ConnectInfo)
    req.extensions()
        .get::<ConnectInfo<SocketAddr>>()
        .map(|ci| ci.0.ip())
        .unwrap_or(IpAddr::V4(Ipv4Addr::UNSPECIFIED))
}

#[cfg(test)]
mod tests {
    use axum::body::Body;
    use axum::http::{Request, StatusCode};
    use axum::middleware as axum_mw;
    use axum::routing::get;
    use axum::{Extension, Router};
    use http_body_util::BodyExt;
    use serde_json::Value as JsonValue;
    use tower::ServiceExt;

    use super::*;

    async fn ok_handler() -> &'static str {
        "ok"
    }

    fn test_app(limiter: RateLimitState) -> Router {
        Router::new()
            .route("/test", get(ok_handler))
            .layer(axum_mw::from_fn(rate_limit))
            .layer(Extension(limiter))
    }

    fn test_request() -> Request<Body> {
        Request::builder()
            .uri("/test")
            .header("x-forwarded-for", "1.2.3.4")
            .body(Body::empty())
            .unwrap()
    }

    #[tokio::test]
    async fn allows_requests_within_limit() {
        let limiter = per_minute(5);
        let app = test_app(limiter);

        let resp = app.oneshot(test_request()).await.unwrap();
        assert_eq!(resp.status(), StatusCode::OK);
        assert!(resp.headers().contains_key("x-ratelimit-limit"));
    }

    #[tokio::test]
    async fn rejects_when_limit_exceeded() {
        let limiter = per_minute(2);
        let app = test_app(limiter.clone());

        // Exhaust the limiter from the same IP
        let _ = app.oneshot(test_request()).await;
        let app = test_app(limiter.clone());
        let _ = app.oneshot(test_request()).await;

        let app = test_app(limiter);
        let resp = app.oneshot(test_request()).await.unwrap();
        assert_eq!(resp.status(), StatusCode::TOO_MANY_REQUESTS);

        let body = resp.into_body().collect().await.unwrap().to_bytes();
        let json_val: JsonValue = serde_json::from_slice(&body).unwrap();
        assert_eq!(json_val["error"]["code"], "RATE_LIMIT_EXCEEDED");
    }

    #[tokio::test]
    async fn includes_retry_after_header() {
        let limiter = per_minute(1);
        let app = test_app(limiter.clone());

        // Use up the single allowed request
        let _ = app.oneshot(test_request()).await;

        let app = test_app(limiter);
        let resp = app.oneshot(test_request()).await.unwrap();
        assert_eq!(resp.status(), StatusCode::TOO_MANY_REQUESTS);
        assert!(resp.headers().contains_key("retry-after"));
    }

    #[tokio::test]
    async fn different_ips_have_separate_limits() {
        let limiter = per_minute(1);

        let app = test_app(limiter.clone());
        let req_ip1 = Request::builder()
            .uri("/test")
            .header("x-forwarded-for", "10.0.0.1")
            .body(Body::empty())
            .unwrap();
        let resp = app.oneshot(req_ip1).await.unwrap();
        assert_eq!(resp.status(), StatusCode::OK);

        let app = test_app(limiter);
        let req_ip2 = Request::builder()
            .uri("/test")
            .header("x-forwarded-for", "10.0.0.2")
            .body(Body::empty())
            .unwrap();
        let resp = app.oneshot(req_ip2).await.unwrap();
        assert_eq!(resp.status(), StatusCode::OK);
    }

    #[tokio::test]
    async fn extracts_ip_from_x_real_ip() {
        let limiter = per_minute(1);

        let app = test_app(limiter.clone());
        let req = Request::builder()
            .uri("/test")
            .header("x-real-ip", "192.168.1.1")
            .body(Body::empty())
            .unwrap();
        let resp = app.oneshot(req).await.unwrap();
        assert_eq!(resp.status(), StatusCode::OK);

        let app = test_app(limiter);
        let req = Request::builder()
            .uri("/test")
            .header("x-real-ip", "192.168.1.1")
            .body(Body::empty())
            .unwrap();
        let resp = app.oneshot(req).await.unwrap();
        assert_eq!(resp.status(), StatusCode::TOO_MANY_REQUESTS);
    }

    #[tokio::test]
    async fn general_limiter_allows_more_requests() {
        let limiter = per_minute(60);

        for _ in 0..10 {
            let app = test_app(limiter.clone());
            let resp = app.oneshot(test_request()).await.unwrap();
            assert_eq!(resp.status(), StatusCode::OK);
        }
    }

    #[test]
    fn extract_ip_x_forwarded_for_first_ip() {
        let req = Request::builder()
            .uri("/test")
            .header("x-forwarded-for", "1.2.3.4, 5.6.7.8")
            .body(Body::empty())
            .unwrap();
        let ip = extract_client_ip(&req);
        assert_eq!(ip, "1.2.3.4".parse::<IpAddr>().unwrap());
    }

    #[test]
    fn extract_ip_fallback_to_unspecified() {
        let req = Request::builder().uri("/test").body(Body::empty()).unwrap();
        let ip = extract_client_ip(&req);
        assert_eq!(ip, IpAddr::V4(Ipv4Addr::UNSPECIFIED));
    }
}